How to Avoid Being Caught by Bad Tiny URLs
Posted by nitzan on Friday, July 17th, 2009
It seems Bit.ly is now starting to warn visitors using their shortened URLs about bad sites being linked up using their service. This is excellent news and I wish the other website address shortening services would follow suit.
What is the issue, why is it a problem, and what can we do about it?
Website address shortening services came about because some times the page you are visiting can have a URL that is extremely long. If you want to send this web address to a friend over email, internet instant messaging, cell phone SMS text messaging, internet relay chat, or more recently, via a Twitter tweet, these addresses could be so long they either break when the person receiving your link tries to click it, or be so long they are rejected by the service altogether.
So rather than send the exact address that you find in the address bar of your web browser, instead you would copy and paste the address into a URL shortening service that would in turn create a shorter URL for you to use.
When someone then clicks the shorter URL they are “redirected” from the service through to your intended destination.
Sounds good so far, right?
The problem is, when someone sees one of these short URLs, instead of seeing where they will be taken, they see an entirely different address. We can not tell anything from the URL we are given about the nature of where we will be taken.
A safe but annoying example would be for us to be sent a “Rick-Roll”, that is we are given a link that purports to be some breaking news or cool site, only to be taken to the famous Rick Astley YouTube video instead. Ha ha. Got me there.
Rather than safe but annoying, more and more malicious and inappropriate content is being shared this way, spread via spam, trolls, phishing emails, and now Twitter.
You might be sent a message saying “Get a free iPod Touch!!!!”, but when you click the link it takes you to a malware site, or something that you would not want your family or boss to see.
How to Avoid Being Caught Out
- Do not trust email messages or Twitter users that you have not got to know first.
- Log out of important services when not in use, especially Twitter.com – “Cross Site Scripting Attacks” often make use of people being permanently logged in to web services.
- Use TweetDeck or equivalent Twitter desktop tool to avoid Twitter.com and to translate the short URLs back into long URLs
The biggest tip I can give is … If in doubt, do not click!
Obviously the vast majority of links you will come across are going to be safe and harm free, but it does not take much for someone to be given a big problem just by clicking an innocent-seeming link. Better to be safe than sorry, eh?
Got any tips to share? Please let us know in the comments …